Risk Management Framework (RMF) and Authority to Operate (ATO)

Abstract

What is the Risk Management Framework (RMF)? In 2014, the DoD started transitioning from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to the Risk Management Framework (RMF) for DoD IT. NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems", transforms the traditional Certification and Accreditation (C&A) process into the six-step Risk Management Framework. The RMF provides a disciplined and structured process that integrates information security and risk management activities into the system development lifecycle.

Document Details

Document Type
Technical Report
Publication Date
Feb 03, 2023
Accession Number
AD1192534

Entities

People

  • Tim Chick
  • Tom Scanlon

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Cybersecurity
  • Department Of Defense
  • Engineering
  • Governments
  • Guarantees
  • Information Assurance
  • Information Processing
  • Information Security
  • Information Systems
  • Materials
  • National Security
  • Risk
  • Risk Management
  • Security
  • Software Development
  • Universities

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Defense Acquisition Program Management